1 / 11

SURFfederatie

SURFfederatie. Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007. General intro Status IdM practices/policy Policy enforcement Roles & groups Schemas LoA. Contents. Federation close to production status

cardinal
Télécharger la présentation

SURFfederatie

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SURFfederatie Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007

  2. General intro Status IdM practices/policy Policy enforcement Roles & groups Schemas LoA Contents

  3. Federation close to production status Model with Central Federation Component (CFC) that translates federation protocols on-the-fly (SAML/A-Select/ADFS/ID-FF) Registration at privacy body (temporary storage of user data for FederatedSSO and/or federation protocol translation). NO requirements wrt technology General introduction

  4. Test/Acceptation federation now runs approx. 1.5 jaar IdP's: RUG, UU, SURFnet, TU-Delft RADIUS IdP for eduroam customers, used by: HU, Avans, HvA, Saxion, HAN Pilots with: Elsevier SD, Dutch publishers, Ellips consortium, SURFnet diensten Scheduled: EBSCO, Microsoft, SURFdiensten, OCLC Pica Status

  5. 2 parties: FederatieLeden (federation members) Annex to regular contract with SURFnet Low level entry FPartners contract between SURFnet and Partner SURFnet is operator Contracts, attributes that are needed for a service published at website Userboard deputation of federation members IdM practices/policies

  6. Federation Member Sign and you’re member Club-model Weak enforcement Almost no formal rules wrt identity management Some rules wrt privacy, 'good IdM' and dealing with abuse Service Provider MUST sign contract Define service, attributes etc. Privacy regulations (best practice will be made available) Requirements on certificate organisation, hostname, ‘friendly name’ Policy enforcement

  7. None Federation is transparant channel Federation is TTP (signing of certificates of SP's / IdP's) Roles & groups

  8. 2 requirements: (opaque)userid@organisation organisation (IdP) Schemas: study in Shibboleth pilot SCHAC IdM at institutions NOT homegeneous Easy start with simple model Presumably 4 or 5 mandatory fields, rest optional Schemas used/planned

  9. Unique selling point of A-Select since version 0.1! Requires authN standardisation in the policy wrt IdM, naming and issuance <authentication_methods> <identifier authsp_id="radius" uri="urn:oasis:names:tc:SAML:1.0:am:password"/> <identifier authsp_id="ldap" uri="urn:oasis:names:tc:SAML:1.0:am:password"/> <identifier authsp_id="sid" uri="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"/ <identifier authsp_id="pki" uri="urn:oasis:names:tc:SAML:1.0:am:X509-PKI"/> Levels of AuthN

  10. The SURFfederatie

  11. More info: http://federatie.surfnet.nl/ Klaas.Wierenga@surfnet.nl Thank you!

More Related